CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2001-0307 94 Exec Code 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
1102 CVE-2001-0306 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
1103 CVE-2001-0305 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter.
1104 CVE-2001-0304 Dir. Trav. 2001-05-03 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request.
1105 CVE-2001-0303 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
1106 CVE-2001-0302 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
1107 CVE-2001-0301 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
1108 CVE-2001-0299 DoS Exec Code Overflow 2001-06-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
1109 CVE-2001-0298 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
1110 CVE-2001-0297 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
1111 CVE-2001-0296 Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
1112 CVE-2001-0295 Dir. Trav. 2001-05-03 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.
1113 CVE-2001-0294 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command.
1114 CVE-2001-0293 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command.
1115 CVE-2001-0292 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
1116 CVE-2001-0291 Exec Code Overflow 2001-05-03 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters.
1117 CVE-2001-0290 2001-05-03 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
1118 CVE-2001-0289 +Priv 2001-05-03 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
1119 CVE-2001-0288 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
1120 CVE-2001-0286 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
1121 CVE-2001-0285 DoS Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
1122 CVE-2001-0284 DoS Exec Code Overflow 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
1123 CVE-2001-0283 Dir. Trav. 2001-05-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
1124 CVE-2001-0282 DoS Exec Code 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
1125 CVE-2001-0281 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
1126 CVE-2001-0280 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.
1127 CVE-2001-0279 Overflow +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
1128 CVE-2001-0278 +Priv 2001-05-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.
1129 CVE-2001-0277 DoS Exec Code Overflow 2001-05-03 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
1130 CVE-2001-0276 2001-05-03 2017-10-10
6.4
None Remote Low Not required Partial None Partial
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
1131 CVE-2001-0274 Exec Code 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
1132 CVE-2001-0272 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
1133 CVE-2001-0271 Exec Code 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
1134 CVE-2001-0270 DoS 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set.
1135 CVE-2001-0269 Bypass 2001-05-03 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
1136 CVE-2001-0268 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
1137 CVE-2001-0267 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.
1138 CVE-2001-0266 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
1139 CVE-2001-0264 +Info 2001-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
1140 CVE-2001-0263 2001-06-18 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
1141 CVE-2001-0262 Exec Code Overflow 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
1142 CVE-2001-0260 Exec Code Overflow 2001-06-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.
1143 CVE-2001-0259 2001-06-02 2017-10-10
3.6
None Local Low Not required Partial Partial None
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
1144 CVE-2001-0258 DoS 2001-06-02 2017-12-19
5.0
None Remote Low Not required None None Partial
The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters.
1145 CVE-2001-0257 Exec Code Overflow 2001-06-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Easycom/Safecom Print Server Web service, version 404.590 and earlier, allows remote attackers to execute arbitrary commands via (1) a long URL or (2) a long HTTP header field such as "Host:".
1146 CVE-2001-0256 DoS Exec Code 2001-06-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username.
1147 CVE-2001-0255 2001-06-02 2017-12-19
5.0
None Remote Low Not required Partial None None
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
1148 CVE-2001-0254 2001-06-02 2016-10-18
5.0
None Remote Low Not required Partial None None
FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command.
1149 CVE-2001-0253 Dir. Trav. 2001-06-02 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter.
1150 CVE-2001-0252 DoS 2001-06-02 2017-10-10
5.0
None Remote Low Not required None None Partial
iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.